Phil Sutter <phil@xxxxxx> wrote:
> > > calling 'redirect' verdict will manipulate the IP header as well which
> > > we don't want
> >
> > Can you point me to the code that alters the IP header? I can't find
> > anything.
>
> I guess this is a misunderstanding, but continuing along the lines:
> xt_REDIRECT.ko calls nf_nat_redirect() for incoming packets passing the
> incoming interface's IP address as 'newdst' parameter. I assume
> conntrack then executes, no?

Hmmm, I was referring to ebt_redirect, not xt/nft redirect.

What's the concern here?

inet redirect should be fully functional, if that's wanted, for skbs
passed to bridge local in via ebt_redirect (or nft bridge family with
mac dest rewritten to a local address + altered packet type).

At least I don't see why it would not work.